An integrated approach to network intrusion detection with block clustering analysis, generalised logistic regression and linear discriminant analysis
by Zhanshan (Sam) Ma
International Journal of Information and Computer Security (IJICS), Vol. 4, No. 1, 2010

Abstract: The objective of this study is to develop an integrated modelling approach to network intrusion detection with three multivariate statistical methods: Block Clustering (BC) Analysis, Generalised Logistic Regression (GLR) and Linear Discriminant Analysis (LDA). A pipeline processing strategy with BC followed by either GLR or LDA is attempted in order to automate the intrusion detection process. The preliminary testing results show that the integration of BC and LDA is very promising, but that of BC and GLR is uncertain. Essentially, BC offers a classification algorithm, and LDA or GLR further assesses the results pipelined from BC and enables a judgement to be made (e.g., intrusive, suspicious, or normal). Although clustering techniques have been widely utilised for intrusion detection from the very beginning of the field, to the best of our knowledge, BC has not been applied in intrusion detection or computer science previously. The two-way joining strategy of BC in cluster detection is especially desirable for intrusion detection since information from both data cases and variables (features) are synthesised to form block clusters, while other clustering methods often only consider information from either data cases or variables. The paper also discusses the justification for our choice of the three statistical methods. The choice is largely determined by two of the most obvious properties of intrusion audit data: most variables in intrusion detection data are categorical, rather than continuous; the probability distributions of these variables usually are not normally distributed. In perspective, we suggest that the integration of BC with Independent Component Analysis (ICA) (which has been successfully utilised in speech recognition, brain imaging and intrusion detection in combination with other statistical methods) is likely to offer a mutually complementary approach. We further suggest that the integration of the approach developed in this paper with Multidimensional Scaling (MDS) may produce an effective technology for building visualised real-time intrusion detection systems.

Online publication date: Fri, 26-Feb-2010

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?

Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email